[Fed-Talk] macOS Security Compliance Project
[Fed-Talk] macOS Security Compliance Project
- Subject: [Fed-Talk] macOS Security Compliance Project
- From: "Gendler, Bob \(Fed\) via Fed-talk" <email@hidden>
- Date: Wed, 7 Oct 2020 20:05:56 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zb+bWTxv1lHFQOB+S50dBdKqs7d6jyDD0BiHU5IPOH4=; b=Tj7q/aHTW5swf8AUsmzO0mzC9YgsYqcx/H3htQMlRmV77bKkMFAc/xRTebRdFpz1Zn51I/nXDJ5LVo68KKZ3U5PxtZ2tOFm/0kXBNt8SH28reigXlT+M5u3dXnOsR7sgLfoZjtdU1JAQ4XMQVRA5lNDnuOpbGePED1W88Nfm9LMsPVK8oQ3hvtsWJP6/pUjBo0+2d5vnvdIWFQfEwoCrUwsMt5EQho7GLyBN2rMiI+NEPXjbTZlI4OKBeeV3q4XEYY8cI/ypmjSN79meN87szxD4FEjum0dYqjwv3rTDMQ737PfdzfIz/RaCrhkpAl8rmy+wZVj+OaHaEtqjqY49PQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J5bVe3r9B5rRs0rxnoRGRMcs/1FXARVfttuJx+t1Myu4Ob8c1/p+X3Wbb03zZrxfiXZxFJnV+bjaMc3yUe8rnx/iMJmPLrUREPCL8k+1u9LIOR1RAHMyDv99GIfqxQgPytYVrYvP1qQWBTweCGX1Dk7p8Uz00iYQfMYgzCMoILruPcnqjjegXUtXayujDOZK1EHeonN5CRN+5U/EUXjZ7H4+FAvT3mxzXserZ+UKsnvJ8MpEV51ezzcwVQS3rdKNYJxLHPAizkmVVXLkEb0i1RN0G9Njdm36maR6q0cKUWOhR2Ui+zO33Jumr9uedUEX2wGAzPAgsdIHYhA6y8i7dQ==
- Thread-topic: macOS Security Compliance Project
Hello everyone,
I wanted to make everyone aware of a project that’s been in the works for a
while that’ll be of interest to a lot of people on this list, the macOS
Security Compliance Project (https://github.com/usnistgov/macos_security
<https://github.com/usnistgov/macos_security>). It’s a collaborative project
across multiple agencies. If you have 30ish minutes we presented at the
MacAdmins conference on the project this summer, so you can get a better
understanding potentially on how it all works and is laid out.
https://www.youtube.com/watch?v=mpEBEelSWlI&feature=youtu.be
<https://www.youtube.com/watch?v=mpEBEelSWlI&feature=youtu.be>
Yesterday, we released our Catalina Revision 1 baseline with rules mapped to
NIST 800-53 and 800-171 which includes an HTML, PDF, XLS, and SCAP guidance on
securing machines for a low, moderate, and high baseline. This is the first
time there’s been published SCAP content for macOS.
https://github.com/usnistgov/macos_security/releases/tag/catalina_rev1
<https://github.com/usnistgov/macos_security/releases/tag/catalina_rev1>
Our aim is to be able to release security baselines quickly so that we can all
deploy the newest OS quicker. The Catalina baseline took a bit longer due to it
being the first, but we hope for Big Sur soon after release of the OS. Please
check it out, we’d love feedback submitted through issues or pull requests on
GitHub. We’re hoping to have baselines smoothed out for other frameworks such
as ISO or the different levels of CMMC.
Bob Gendler
IT Specialist (Security)
OISM | Managed Desktop Mac Team
U.S Dept. of Commerce | NIST
(301) 975-6054 | email@hidden
--
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden